Method and system for automated distinguished name lookup

Data processing: database and file management or data structures – Database design – Data structure types

Reexamination Certificate


Details

C707S793000, C707S793000, C707S793000, C707S793000


active

06408306

ABSTRACT:

BACKGROUND OF THE INVENTION
1. Technical Field
The present invention relates generally to an improved data processing system and, in particular, to a method and apparatus for database or file accessing.
2. Description of Related Art
A directory service is a central point where network services, security services and applications can form an integrated distributed computing environment. Typical uses of a directory service may be classified into several categories. A “naming service”, such as Directory Naming Service (DNS) or Cell Directory Service (CDS), uses the directory as a source to locate an Internet Host address or the location of a given server. A “user registry”, such as Novell Directory Services (NDS), stores information about users in a system comprised of a number of interconnected machines. Still another directory service is a “white pages” lookup provided by some mail clients, such as Netscape Communicator or Lotus Notes.
Lightweight Directory Access Protocol (LDAP) is a software protocol for providing directory service enablement to a large number of applications. These applications range from e-mail to distributed system management tools. LDAP is an evolving protocol model based on the client-server model in which a client makes a TCP/IP connection to an LDAP server. LDAP is a “lightweight” version of DAP (Directory Access Protocol), which is part of X.500, a standard for directory services in a network. More information about LDAP may be found in “Lightweight Directory Access Protocol (v3)”, http://ietf.org/rfc/rfc2251.txt.
The LDAP information model is based on an “entry”, which contains information about some object. Entries are typically organized in a specified tree structure, and each entry is composed of attributes. LDAP entries are usually arranged in a tree structure that follows a geographical and organizational distribution. Each entry is named according to its position in the hierarchy by a distinguished name (DN). Each component of the distinguished name is called a Relative Distinguished Name (RDN).
An example LDAP directory is organized in a simple tree hierarchy consisting of the following levels:
The “root” directory is the starting place or the source of the tree.
Countries are designated by two letter codes, such as US for the United States of America.
Organizations can be private companies, government units, etc.
Organizational units are divisions, departments, etc.
Individuals include people, files, or shared resources, such as printers.
For example, John M. Smith, who is part of the marketing department at Acme Corporation, might have the following Distinguished Name: “cn=John M. Smith, ou=Marketing, o=ACME Corporation, c=US”, where “cn” stands for “common name”, “ou” is “organizational unit”, “o” is “organization”, and “c” is “country”.
An LDAP directory can be distributed among many servers, with parts of data residing on a set of machines. Another scenario has each server containing a replicated version of the total directory that is synchronized periodically. An LDAP server is called a Directory System Agent (DSA). An LDAP server that receives a request from a user takes responsibility for the request, passing it to other DSAs as necessary, either through server chaining or client referrals. Both cases ensure a single coordinated response for the user. Although directory structures can reside on a single server, there are several reasons for splitting directories across multiple machines. First, the directory may be too large to make it practical to store on a single server. Second, network administrators may want to keep the physical location of the server close to the expected clients to minimize network traffic.
With an increasing number of applications and system services demanding a central information repository, directory servers can provide system administrators with a data repository that can significantly ease administrative burdens. In the Internet/intranet environment, these services provide user access to information in a secure manner.
To perform operations on directory entries, distinguished names for the directory entries must be specified. However, it is generally difficult to remember full distinguished names. Manually specifying a full distinguished name is time-consuming and error-prone.
For example, in order to connect, i.e. bind, to a directory server, a user needs to specify a distinguished name in order for the bind operation to proceed. Other LDAP operations also require the entry of distinguished names, such as modifying a particular directory entry. In some circumstances, the user may not know the distinguished name of a directory entry on which the user desires to perform an operation, although the user might be able to discern a desired distinguished name from a set of distinguished names if the user could be presented with the ability to choose a particular distinguished name from a set of distinguished names.
Therefore, it would be advantageous to have an improved method and system for specifying distinguished names.
SUMMARY OF THE INVENTION
A method and system for an automated distinguished name lookup is provided for use in a Lightweight Directory Access Protocol (LDAP) directory operation. A user provides input via a dialog window for an identifier string which is not a distinguished name. An LDAP search filter string is generated that contains at least a portion of the identifier string. A directory search is requested using the LDAP search filter string. In response to the requested directory search, one or more distinguished names are received. In response to receiving a single distinguished name for the requested directory search, the received distinguished name is automatically applied in the LDAP directory operation. In response to receiving a plurality of distinguished names for the requested directory search, the plurality of distinguished names are presented to the user, and the user may select one of the plurality of distinguished names. The selected distinguished name is then applied in the LDAP directory operation, which may perform an authentication process for the user using a distinguished name received in response to the requested directory search. The user may also configure a dialog window for entry attributes and filters to be used while searching for potential distinguished names.
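The lookup flow summarized above, as an added example (not code from the patent): the identifier string is escaped before it is placed in the search filter, so characters with meaning in the filter syntax are matched literally, and the zero, one, and many-result cases are handled separately. The directory contents, the `cn`/`uid` search attributes, and all function names are assumptions; `search` is an in-memory stand-in for the directory server.

```python
import re

# Constructed sample directory (DN -> attributes); entries are illustrative only.
DIRECTORY = {
    "cn=John M. Smith, ou=Marketing, o=ACME Corporation, c=US": {"cn": "John M. Smith", "uid": "jsmith"},
    "cn=John Smith, ou=Sales, o=ACME Corporation, c=US": {"cn": "John Smith", "uid": "jsmith2"},
    "cn=Ann Lee, ou=Marketing, o=ACME Corporation, c=US": {"cn": "Ann Lee", "uid": "alee"},
}
TERM = re.compile(r"\((\w+)=((?:[^()*\\]|\\[0-9a-f]{2})*)\*\)")

def escape_filter_value(value):
    """Escape filter metacharacters (NUL, parentheses, asterisk, backslash) as \\HH."""
    return "".join("\\%02x" % ord(ch) if ch in "\0()*\\" else ch for ch in value)

def build_filter(identifier, attrs=("cn", "uid")):
    """OR of prefix matches over the configured attributes (attrs is an assumption)."""
    value = escape_filter_value(identifier)
    return "(|" + "".join("(%s=%s*)" % (a, value) for a in attrs) + ")"

def search(filter_str):
    """Stand-in for the directory server; evaluates only filters from build_filter."""
    terms = [(a, re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), v).lower())
             for a, v in TERM.findall(filter_str)]
    return sorted(dn for dn, entry in DIRECTORY.items()
                  if any(entry.get(a, "").lower().startswith(v) for a, v in terms))

def resolve_dn(identifier, choose=None):
    """Return the DN to apply in the directory operation, or raise."""
    if not identifier.strip():
        raise ValueError("empty identifier would match every entry")
    candidates = search(build_filter(identifier))
    if not candidates:
        raise LookupError("no entry matches the identifier")
    if len(candidates) == 1:
        return candidates[0]          # single DN: applied automatically
    if choose is None:
        raise LookupError("ambiguous identifier: %d candidates" % len(candidates))
    picked = choose(candidates)       # several DNs: the user selects one
    if picked not in candidates:
        raise ValueError("selection is not one of the returned DNs")
    return picked
```

A resolved DN only names the entry; the bind that follows still has to verify the user's credential against it.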


